7 Commits

Author SHA1 Message Date
Damien Tournoud
ed58d6e4ce extmod/modussl_mbedtls: Fix support for ioctl(MP_STREAM_POLL).
During the initial handshake or subsequent renegotiation, the protocol
might need to read in order to write (or conversely to write in order
to read). It might be blocked from doing so by the state of the
underlying socket (i.e. there is no data to read, or there is no space
to write).

The library indicates this condition by returning one of the errors
`MBEDTLS_ERR_SSL_WANT_READ` or `MBEDTLS_ERR_SSL_WANT_WRITE`. When that
happens, we need to enforce that the next poll operation only considers
the direction that the library indicated.

In addition, mbedtls does its own read buffering that we need to take
into account while polling, and we need to save the last error between
read()/write() and ioctl().
2022-12-15 12:06:22 -08:00
Damien George
18ecc29bb8 tests/extmod/ussl_basic: Make test run on axtls and mbedtls.
Fixes issue #4364.

Signed-off-by: Damien George <damien@micropython.org>
2022-07-18 18:12:39 +10:00
Thorsten von Eicken
9aa214077e extmod/modussl: Improve exception error messages.
This commit adds human readable error messages when mbedtls or axtls raise
an exception.  Currently often just an EIO error is raised so the user is
lost and can't tell whether it's a cert error, buffer overrun, connecting
to a non-ssl port, etc.  The axtls and mbedtls error raising in the ussl
module is modified to raise:

    OSError(-err_num, "error string")

For axtls a small error table of strings is added and used for the second
argument of the OSErrer.  For mbedtls the code uses mbedtls' built-in
strerror function, and if there is an out of memory condition it just
produces OSError(-err_num).  Producing the error string for mbedtls is
conditional on them being included in the mbedtls build, via
MBEDTLS_ERROR_C.
2020-07-20 23:41:45 +10:00
Paul Sokolovsky
7b5400134b tests/ussl_basic: Disable setblocking() calls.
Now that setblocking() is implemented in modussl_axtls, it calls into the
underlying stream object, and io.BytesIO doesn't have setblocking().
2019-04-30 17:27:28 +10:00
Paul Sokolovsky
c76445315f extmod/modussl_axtls: Add non-blocking mode support.
It consists of:

1. "do_handhake" param (default True) to wrap_socket(). If it's False,
handshake won't be performed by wrap_socket(), as it would be done in
blocking way normally. Instead, SSL socket can be set to non-blocking mode,
and handshake would be performed before the first read/write request (by
just returning EAGAIN to these requests, while instead reading/writing/
processing handshake over the connection). Unfortunately, axTLS doesn't
really support non-blocking handshake correctly. So, while framework for
this is implemented on MicroPython's module side, in case of axTLS, it
won't work reliably.

2. Implementation of .setblocking() method. It must be called on SSL socket
for blocking vs non-blocking operation to be handled correctly (for
example, it's not enough to wrap non-blocking socket with wrap_socket()
call - resulting SSL socket won't be itself non-blocking).  Note that
.setblocking() propagates call to the underlying socket object, as
expected.
2019-04-30 17:26:37 +10:00
Paul Sokolovsky
4368ae3142 extmod/modussl_axtls: Allow to close ssl stream multiple times.
Make sure that 2nd close has no effect and operations on closed streams
are handled properly.
2017-07-20 00:20:53 +03:00
Damien George
38f063ea72 tests/extmod: Add very basic feature test for ussl module.
This test just tests that the basic functions/methods can be called with
the appropriate arguments.  There is no real test of underlying
functionality.

Thanks to @hosaka for the initial implementation of this test.
2017-03-09 13:42:34 +11:00